A simple attacks strategy of BB84 protocol 
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Abstract 



A simplified eavesdropping-strategy for BB84 protocol in quantum cryptography is 
proposed. This scheme is based on the 'indirect copying'. Under this scheme, eavesdrop- 
per can exactly obtain the exchanged information between the legitimate users without 
being detected. 
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I. Introduction 

Quantum cryptography, suggested originally by S.Wiesner [1] and then by C.H.Bennett 
and G. Brassard [2], employs quantum phenomena such as the uncertainty principle and 
the quantum corrections to protect distributions of cryptographic keys. Key distribution is 
defined as procedure allowing two legitimate users of communication channel to establish 
two exact copies, one copy for each user, of a random and secret sequence of bits. In 
other words, quantum cryptography is a technique that permits two parties, who share no 
secret information initially, to communicate over an open channel and to establish between 
themselves a shared secret sequence of bits. Quantum cryptography is provably secure 
against eavesdropping attack, in that, as a matter of fundamental principle, the secret 
data can not be compromised unknowingly to the legitimate users of the channel. BB84 



1 Email: ghzeng@pub.xaonline.com 



1 



protocol [3] is a key distribution protocol over an open channel by quantum phenomena, 
it relies on the uncertainty principle of quantum mechanics to provide key security. The 
security guarantee is derived from the fact that each bit of data is encoded at random on 
either one of a conjugate pair of observables of quantum-mechanical object. Because such 
a pair of observables is subjected to the Heisenberg uncertainty principle, measuring one 
of the observables necessarily randomizes the other. 

Although quantum cryptography is provably security, with the quantum key distri- 
bution protocols presented, several attacks strategy have been generated, such as inter- 
cept/resend scheme [4], beamsplitting scheme [4], entanglement scheme [5-7] and quantum 
copying [9,10]. In the intercept /resend scheme, Eve intercepts selected light pulses and 
reads them in bases of her choosing. When this occurs, Eve fabricates and sends to Bob a 
pulse of the same polarization as she detected. However, due to uncertainty principle, at 
least 25% of the pulse Eve fabricates will yield the wrong result if later successfully mea- 
sured by Bob. The other attack, beamsplitting, depends on the fact that transmitted light 
pulses are not pure single-photon states. In the entanglement scheme, the eavesdropper 
involves the carrier particle in an interaction with her own quantum system, referred to as 
probe, so that the particle and the probe are left in an entangled state, and a subsequent 
measurement of the probe yields information about the particle. Some investigators are 
now turning their attention to collective attacks and joint attacks. About these attacks 
description please see Ref. [8] and its references. Eve can also use the quantum copying to 
obtain the information between Alice and Bob. Two kind quantum copies are presented 
[10,11]. It is appropriate to emphasize the limitation of above attacks strategy. All these 
mentioned attacks strategy are restricted by the uncertainty principle or the quantum 
corrections, so Eve can not break the quantum cryptography protocols. The risk of eaves- 
dropper is to disturb the information and finally to be detected by the legitimate users. 
This is the reason why quantum cryptography is declared to be provably security. 

The Eve's aim is to obtain more information from the open channel set up by legiti- 
mates user, saying Alice and Bob, and induce more less disturbance on the transmitting 
quantum bits, so that she can not be detected by the legitimate users Alice and Bob. 
In usually, the uncertainty principle or the quantum corrections prevents Eve's attempt 
from eavesdropping the useful information without being detection. However if Eve can 
escape the restriction of the uncertainty principle, her attempt will be succeed. 
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In this paper we propose a novel attack strategy for quantum cryptographic proto- 
cols. Under this strategy, the security of BB84 quantum key distribution protocol will 
completely loss. The scheme works by follows procedure: Eve constructs a prescription 
function. This function must be an uniform function for every different quantum state 
used by Alice and Bob. This mean that every function value corresponds to a different 
quantum state. It consists of a reference list that all these corresponding relationship of 
function value to different quantum state. While Alice sends a random quantum sequence 
to Bob, Eve intercepts every state and calculates the corresponding value by the function, 
then gives up the intercepted state. When this finishes, Eve resends a new quantum state 
to Bob according to the reference list in which every value corresponds a correct quan- 
tum state. By this method Eve can exactly obtain the information exchanged between 
Alice and Bob without being detected. We call this method as "indirect copying". Of 
course, It is different from the probabilistic cloning and the inaccurance quantum copying. 
Obviously, the "indirect copying" is not a true copy of quantum bits. 

II.BB84 quantum key distribution protocol 

For describing our attacks strategy, we first review the BB84 protocol. The BB84 
protocol is the first key distribution protocol in quantum cryptography. Follows are the 
protocol in details [12]. 

1. Alice prepares a random sequence of photons polarized and sends them to Bob 

2. Bob measure his photon using a random sequence of bases 

3. Results of Bob's measurements. Some photons are shown as not having been received 
owing to imperfect detector efficiency. 

4. Bob tells Alice which basis he used for each photon he received. 

5. Alice tells him which bases were correct. 

6. Alice and Bob keep only the data from these correctly measured photons, discarding 
all the rest. 

7. This data is interpreted as a binary sequence according to the coding scheme: 
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8. Bob and Alice test their key by publicly choosing a random subset of bit positions 
and verifying that this subset has the same parity in Bob's and Alice's versions of 
the key (here parity is odd). If their keys had differed in one or more bit position, 
this test would have discovered that fact with probability 1/2. 

9. Remaining secret key after Alice and Bob have discarded one bit from the chosen 
subset in step 8, to compensate for the information leaked by revealing its parity. 
Step 9 and 10 are repeated k times with k independent random subsets, to certify 
with probability 1 — 2~ k that Alice's and Bob's keys are the identical, at the cost of 
reducing the key length by k bits. 

10. Distilling the security key by the privacy amplification [13]. The basic principle of 
privacy amplification is as follows. Let Alice and Bob shared a random variable 
W, such as a random n-bit string, while an eavesdropper Eve learns a corrected 
random variable V, providing at most t < n bits of information about W, i.e., 
H(W\V) <n — t. Eve is allowed to specify an arbitrary distribution Pyw (unknown 
to Alice and Bob) subject to the only constraint that i2(W|V = v ) < n — t with high 
probability (over values v), where ^(W^V" = v) denotes the second-order conditional 
Renyi entropy of W, given V — v. For any s < n — t, Alice and Bob can distill 
r = n — t — s bits of the secret key K = G(W) while keeping Eve's information 
about K exponentially small in s , by publicly choosing the compression function G 
at random from a suitable class of maps into {0, l} n ~ t ~ s . 

III. Construction of Reference List 

To perform privacy communication between legitimate users, known as Alice and Bob, 
a set of pre-defined nonorthogonal quantum states or noncommuting quantum states often 
are used. For briefly, We call this set of pre-defined nonorthogonal quantum state or the 
noncommuting quantum states as basic quantum states (BQS) in the remainder paper. 
Because the BQS are publicly announced by Alice and Bob, Eve can easily get it. In BB84 
protocol, the BQS are the four noncommuting states |0>,||>,||>,|^ L >. Of course 
the linearly polarized states |0 >, || > and the circularly polarized states \j >,\^f- > are 
orthogonal, respectively. In BB84 quantum key distribution protocol, the quantum states 
|0 > and 1 1 > are measured by the so called rectilinear measurement type. Representing 
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this rectilinear measurement type as C, we have 



£|0 >= Ai|0 >, 
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where \,i = 1,2 are eigenvalues. Because the states |0 > and || > constitute a base in 
Hilbert, an arbitrary quantum state can be expanded by this base, i.e., 
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By Eq.(3), it is easy to obtain 
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Consider a proper ancilla quantum state, for example, 
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making product between the ancilla quantum state \a > and the quantum of BQS gives 
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Obviously, an observable value rrij,j = 1,2,3,4 corresponds to only a basic quantum 
state \jk >, k — 1, 2, 3, 4. All these corresponding relationship constructs a corresponding 
reference list. It is given by 
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List (11) constructs an uniform function between the sorting value and the BQS, i.e., Sk = 
f(\jk >), where k = 1,2,3,4, \jk > represent the four basic quantum states. Obviously, 
5*1 7^ 5*2 7^ 5*3 7^ S4. When Alice connects Bob and exchanges information, Eve intercepts 
the sequences of the quantum bits. For each quantum bit in the sequence intercepted by 
Eve, she measures it and obtains a corresponding sorting value. Comparing the sorting 
value to the reference list, Eve resends the corresponding quantum bit to Bob. For 
example, if the measurement value corresponds m 2 = 1/4, Eve resends the quantum state 
1 1 > to Bob. Thus, Eve can exactly obtain the complete information exchanged between 
Alice and Bob, and escapes the detection of Alice and Bob. So under the presented attack 
strategy, the BB84 protocols is completely insecure. 

IV. Attack scheme 

First, Eve constructs a corresponding reference list for every state of BQS. For correctly 
determining the intercepted quantum states and resending the correct quantum bits to 
Bob, every basic quantum state > must correspond to a different reference value 
(marking the function value as Sk, k — 1, 2, • • • , to). So Eve firstly need to construct an 
uniform function which is an one-to-one map of \jk > to the function value m^. 

Second, Eve intercepts the random sequence of quantum states sent by Alice and cal- 
culates the value for every intercepted state by measurement operation. For distributing 
the quantum key, Alice randomly choose the quantum state from the basic quantum state 
\jk >,k = 1, 2, • • • , to, and sends the randomly selected quantum bits sequence to Bob. 
The communication between Alice and Bob is in an open channel, which Eve can easily 
access. Eve intercepts the quantum bits sequences sent by Alice, and measures the observ- 
ables TOfe, k = 1, 2, 3, 4 for every quantum bit. By the measurement values Eve calculates 
the corresponding sorting for every intercepted quantum state by her machine. 

Third, Eve gives up the intercepted quantum state. The Eve's operation will limited by 
the uncertainty principle, her measurement disturbs the quantum state because she don't 
know beforehand the every random quantum bit state. If Eve resends these intercepted 
states to Bob like the Intercept/Resend attack strategy proposed in Ref.[6], she will reveal 
herself. To avoid these case, we let Eve give up all these intercepted states. 

Finally, Eve resends the corresponding quantum states. By the calculation sorting 
values obtained in step 2, Eve chooses a corresponding quantum bit state according to 
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the reference list and resends it to Bob. The resent quantum state is exactly same as that 
send by Alice, it seems that Eve 'copies' the Alice's quantum state. However, it is not a 
real copying, This 'copying' is completely different from the probability and inaccurance 
copying. We call it as "indirect copying" . By this method Eve can measure Alice's signal 
exactly, and resend an exact copy of it, thereby escaping detection. 

Our attack strategy makes the quantum cryptographic protocol at risk. Of course, our 
scheme can not attack every protocol proposed previously. For example, we can not attack 
the Ekert protocol [14], because there is no information encoded there while the particle 
transits from the source to the legitimate users. In fact, our scheme is only valid for the 
protocol that quantum state is encoded in transit. Meanwhile, Eve must know the BQS. 
In addition, the interval time between two adjacent quantum state of the resent quantum 
state should almost keep the same as that in Alice's random sequence of quantum bits so 
that Bob can not feel Eve. 

V. Conclusion 

In conclusion, we proposed an attack strategy for BB84 key distribution protocol in 
the quantum cryptography, we called this strategy as 'indirect copying attack'. Under 
this strategy, the BB84 quantum cryptographic protocols is at risk, the eavesdropper can 
exactly obtain the information between the legitimate users without being detected. Of 
course, the presented strategy is only valid for the case that the quantum state is encoded 
in transit. 
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